The Mercatus Center at George Mason University has just released my latest working paper, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.” The “Internet of Things” (IoT) generally refers to “smart” devices that are connected to both the Internet and other devices. Wearable technologies are IoT devices that are worn somewhere on the body and which gather data about us for various purposes. These technologies promise to usher in the next wave of Internet-enabled services and data-driven innovation. Basically, the Internet will be “baked in” to almost everything that consumers own and come into contact with.

Some critics are worried about the privacy and security implications of the Internet of Things and wearable technology, however, and are proposing regulation to address these concerns. In my new 93-page article, I explain why preemptive, top-down regulation would derail the many life-enriching innovations that could come from these new IoT technologies. Building on a recent book of mine, I argue that “permissionless innovation,” which allows new technology to flourish and develop in a relatively unabated fashion, is the superior approach to the Internet of Things.

As I note in the paper and my earlier book, if we spend all our time living in fear of the worst-case scenarios — and basing public policies on them — then best-case scenarios can never come about. As the old saying goes: nothing ventured, nothing gained. Precautionary principle-based regulation paralyzes progress and must be avoided.  We instead need to find constructive, “bottom-up” solutions to the privacy and security risks accompanying these new IoT technologies instead of top-down controls that would limit the development of life-enriching IoT innovations.

The better alternative is to deal with concerns creatively as they develop, using a balanced, layered approach  involving many different solutions, including: educational efforts, technological empowerment tools, social norms, public and watchdog pressure, industry best practices and self-regulation, transparency, torts and products liability law, and targeted enforcement of existing legal standards as needed.

Generally speaking, patience, humility, and forbearance by policymakers is crucial to allowing greater innovation and consumer choice in this arena. Importantly, policymakers should not forget that societal and individual adaptation will play a role here, just as it has during so many other turbulent technological transformations.

This article can be downloaded on my Mercatus Center page, on SSRN, or at Research Gate. I am hoping to find a law or policy journal interested in publishing this paper soon. If you with a journal and are interested, please contact me. [UPDATE 12/3/14: This paper has been accepted for publication in the Richmond Journal of Law & Technology, Vol. 21, Issue 6 (2015).]

Finally, if you are interested in this topic, you might want to flip through these slides I prepared for a presentation on this topic that I made at the Federal Communications Commission in September:

On Thursday, it was my great pleasure to present a draft of my forthcoming paper, “The Internet of Things & Wearable Technology: Addressing Privacy & Security Concerns without Derailing Innovation,” at a conference that took place at the Federal Communications Commission on “Regulating the Evolving Broadband Ecosystem.” The 3-day event was co-sponsored by the American Enterprise Institute and the University of Nebraska College of Law.

The 65-page working paper I presented is still going through final peer review and copyediting, but I posted a very rough first draft on SSRN for conference participants. I expect the paper to be released as a Mercatus Center working paper in October and then I hope to find a home for it in a law review. I will post the final version once it is released. [UPDATE:The final version of this working paper was released on November 19, 2014.]

In the meantime, however, I thought I would post the 46 slides I presented at the conference, which offer an overview of the nature of the Internet of Things and wearable technology, the potential economic opportunities that exist in this space, and the various privacy and security challenges that could hold this technological revolution back. I also outlined some constructive solutions to those concerns. I plan to be very active on these issues in coming months.

Additional Reading

• “The Growing Conflict of Visions over the Internet of Things & Privacy,” January 14, 2012
• “Can We Adapt to the Internet of Things?” IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)

I’m pleased to announce the release of my latest law review article, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” It appears in the new edition of the George Mason University Law Review. (Vol. 20, No. 4, Summer 2013)

This is the second of two complimentary law review articles I am releasing this year dealing with privacy policy. The first, “The Pursuit of Privacy in a World Where Information Control is Failing,” was published in Vol. 36 of the Harvard Journal of Law & Public Policy this Spring. (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

My new article on benefit-cost analysis in privacy debates makes a seemingly contradictory argument: benefit-cost analysis (“BCA”) is extremely challenging in online child safety and digital privacy debates, yet it remains essential that analysts and policymakers attempt to conduct such reviews. While we will never be able to perfectly determine either the benefits or costs of online safety or privacy controls, the very act of conducting a regulatory impact analysis (“RIA”) will help us to better understand the trade-offs associated with various regulatory proposals.

However, precisely because those benefits and costs remain so remarkably subjective and contentious, I argue that we should look to employ less-restrictive solutions — education and awareness efforts, empowerment tools, alternative enforcement mechanisms, etc. — before resorting to potentially costly and cumbersome legal and regulatory regimes that could disrupt the digital economy and the efficient provision of services that consumers desire. This model has worked fairly effectively in the online safety context and can be applied to digital privacy concerns as well.

The article is organized as follows. Part I examines the use of BCA by federal agencies to assess the utility of government regulations. Part II considers how BCA can be applied to online privacy regulation and the challenges federal officials face when determining the potential benefits of regulation. Part III then elaborates on the cost considerations and other trade-offs that regulators face when evaluating the impact of privacy-related regulations. Part IV discusses alternative measures that can be taken by government regulators when attempting to address online safety and privacy concerns. This article concludes that policymakers must consider BCA when proposing new rules but also recognize the utility of alternative remedies such as education and awareness campaigns, to address consumer concerns about online safety and privacy.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and my Mercatus author page.

A Framework for Benefit-Cost Analysis in Digital Privacy Debates by Adam Thierer

I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)

The new Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.

If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. A so-called “3-E” solution that combines consumer education, user empowerment, and selective enforcement of existing targeted laws and other legal standards (torts, anti-fraud laws, contract law, and so on), has helped society achieve a reasonable balance in terms of addressing online safety while also safeguarding other important values, especially freedom of expression.  That does not mean perfect online safety exists, not only because the term means very different things to different people, but because it would be impossible to achieve in the first instance as a result of information control complications. But the “3-E” approach has the advantage of enhancing online safety without sweeping regulations being imposed that could undermine the many benefits information networks and online services offer individuals and society.  This same framework can guide online privacy decisions—both at the individual household level and the public policy level.

I’ve embedded the full article down below in a Scribd reader, but you can also download it from my SSRN page and it should be available on the HJLPP website shortly. [Update 4/16: It is now live on the site.] In coming weeks, I hope to do some blogging that builds on the themes and arguments I develop in this article.

The Pursuit of Privacy in a World Where Information Control is Failing

It’s well known now that a long-simmering contest for control of the Cato Institute has bubbled over. On the last day of February, Charles and David Koch filed a lawsuit against the widow of former Cato chairman Bill Niskanen, Cato president Ed Crane, and Cato itself seeking to have Niskanen’s shares returned to Cato or granted to the remaining shareholders under the terms of a shareholder agreement. This would give the Kochs (one of whom participated in the founding of Cato) majority ownership, allowing them to elect a majority of Cato’s board. It would also position them to extinguish Crane’s shares so as to gain 100% control.

Cato disputes the Kochs legal positions, and it believes that their success “would swiftly and irrevocably damage the Cato Institute’s credibility as a non-partisan, independent advocate for free markets, individual liberty, and peace.”

The quote just above is from Cato’s “Save Cato” web page, but the more interesting commentary has been scattered by Cato staff and leadership across various blogs and outlets (e.g., Jerry Taylor, Gene Healy, Jason Kuznicki, Julian Sanchez, Jonathan Blanks, Justin Logan, Trevor Burris, Michael Cannon). There has been lots of commentary from many quarters, of course, led by Jonathan Adler at the Volokh Conspiracy. Really, there’s too much commentary to list.

A Facebook page dedicated to “saving” Cato has zoomed past 5,000 supporters.

Now it’s my turn. Putting my thoughts here on TLF is a stretch because I won’t be talking about tech. Think of this as the “liberation” part of Tech Liberation Front. The reason many of my colleagues and I do what we do here is because of both Ed Crane and the Kochs, and the institutions they have built and nurtured. Now these giants in the modern liberty movement are fighting.

That’s a shame for a lot of reasons. There is the overall cause of freedom, of course, our part of which is side-tracked and sullied by the dispute. We Catoites love what we do, fighting for freedom backed by thousands of highly engaged supporters. But don’t go all analytical and forget the hundred-plus Cato staff whose livelihoods and careers are under a cloud. That’s concerning and frustrating, especially for the people with children. Once or twice, I’ve let my colleagues know when I found their arguments overwrought. That personal dimension might be why.

Yes, Cato people are people. And so are Koch people. This is important to surface as part of the theme I want to focus on: miscalculation.

Perhaps because we’re intellectuals, maybe out of courtesy, or in pursuit of simplicity, much commentary has forgotten that all the actors in this drama are people. And people make mistakes. Lots of ’em.

People on the Cato side have treated the Koch side as monolithic and acting in unison. From inside Cato, it’s rather obviously not, but the Koch side likely perceives the Cato side as monolithic and similarly orchestrated. But when I talk here about “the Kochs” or the “Koch side,” I do not mean the brothers as a unit, or either of them individually. I rather doubt that these successful businessmen devote a huge percentage of their time to their ideological work (and hope they don’t, for their sake!).

The “Koch side” is actually a variety of different actors, including each of the Koch brothers themselves and any number of advisors and allies. The things any one person has said, the suit the Kochs’ attorneys filed in their names, and the press releases put out for them are the products of different actors within the “Koch side,” each of which may have different motivations and strategies.

Examining the Koch side’s actions, I have a suspicion that it is not acting in a highly coordinated and planned fashion, and that it is not actually pursuing the interests of the Koch brothers all that well. That’s saying a lot, and it’s a little presumptuous. I hope to bring the evidence forth in a series of posts.

My work at Cato on counterterrorism, including the production of the book Terrorizing Ourselves, is something no politically active group would do because it doesn’t help one party or the other. Same goes for my anti-national-ID work. Growing the government is a bipartisan project. But I think of the counterterrorism work in particular because it exposed me to national security and foreign policy concepts that pertain well here.

In national security and foreign policy, no theme is stronger than the problem of miscalculation. So often, international powers misunderstand one another and misinterpret each others’ actions. They develop theories of each others’ behavior (treating each other as monoliths), then act and react based on those theories until conflagration ensues. The victor writes history.

As we libertarians all know, war kills people and saps the world of wealth. Now “war” among libertarian powers causes libertarians to suffer, and it saps strength from the libertarian movement. So we really, really ought to avoid miscalculation, oughtn’t we?

It seems to me that a central miscalculation on the Koch side is to misapprehend what the Cato Institute is and what gives it value.

Before I get to that, let me start with a premise: I believe the Kochs want what’s best for liberty. The Kochs’ work to advance liberty over many decades is very strong evidence that they want to see its advance continue. The statements put out in their names are creditable evidence of the same. This doesn’t exclude other goals within the Koch “side” or secondary goals on the part of the Koch brothers themselves, but consistency on liberty over decades suggests that the Kochs themselves want Cato to remain an organization that advocates liberty well.

Now, what makes Cato a valuable part of the libertarian movement? Here, the Koch side is not calculating well.

Cato is not a profit-making enterprise, but concepts from that world apply fairly well to its examination. Take “going-concern value.” That’s the value of an enterprise as an ongoing entity, over and above the value of its assets if liquidated. Going-concern value includes liquidation value plus the value of intangible assets such as goodwill.

Goodwill. That’s the positive reputation of an enterprise, the “something” that enables it to do more with a given set of intellectual and physical assets than another enterprise could with the same assets. Reputation (as you can learn starting on page four of my recent Cato policy analysis) is the set of conclusions one makes by combining identity and biography.

Cato has a clear identity—a brand—and it has a thirty-five-year history/biography of being a reasonable, consistent, and honest intellectual advocate for libertarian and free-market policies. This has caused a number of non-libertarians to come to Cato’s defense in the current dispute.

The simpleton might use this against Cato—“Aha! They’re admired on the left!”—but people who care about persuasion know that gains come from bringing fence-sitters to the side of liberty. Gains come from convincing opponents of liberty to moderate their positions. Real persuasion happens in small increments over a long time, and it comes from engaging with the other side.

There are lots of inputs into reputation, and one of them for advocacy groups is most definitely funding and control. One need only look at SourceWatch to see that ownership and control is an important input into reputation. (Again, because of the propensity for cheap argument in some quarters: Citing to SourceWatch is not endorsement. I am pointing out a reality of participation in public debate.)

The properties of reputation are somewhat like the properties of physical assets. A machine that is not maintained will start to work less well over time or suffer catastrophic failure at some point. A reputation that is not maintained will slide or even collapse. Cato has ideological opponents who are constantly and often unfairly trying to tear down the organization’s repuation, mostly using proxies for substance such as funding and control. (It’s the easy way. Debating us on the merits is hard.)

It is not to endorse that I state the following: The Koch Brothers do not have the same reputation as Cato. The Center for American Progress puts out reports that call the Kochs “financiers of the radical right” while it joins with Cato and Cato scholars on issues like immigration, gay marriage, national security, and transparency. For whatever reason, while Cato has successfully cultivated the currency of legitimacy in Washington, D.C., the Kochs unfortunately have not. I believe they have tried, and the Kochs’ reputation in the public policy arena is undeserved in my opinion, but it is a reality. (Speaking of cheap argumentation, some have argued that the Cato side is buying into or fostering “lefty” arguments about the Kochs. There is very little evidence of this, and the proponents of that idea should put themselves to proof.)

A Koch takeover would affect the reputation of Cato. Such a thing generally wouldn’t happen with an industrial firm, but a change in corporate control of an advocacy group most definitely would affect its operations. A Koch takeover would degrade Cato’s reputation, its goodwill, and its value as a going concern. Cato would lose some measure of its ability to persuade. I don’t believe the Koch side fully considered this effect when it embarked on its current course of action.

This miscalculation permeates the Koch/Cato dispute. Jonathan Adler recognized it insightfully in the early going:

Even if one assumes that the Kochs have better ideas for how Cato should direct its resources, know more about how to advance individual liberty, and are correct that the Institute is too “ subject to the personal preferences of individual officers or directors,” any benefit from whatever changes they could make will be outweighed to the permanent damage to Cato’s reputation caused by turning it into a de facto Koch subsidiary.

I hear a counter-claim to this argument: Unfairness! Ed Crane pushed this idea! He pushed the idea of a ‘takeover’!

Maybe. Ed’s an interesting one. And if I’m not fired for something in this post (!), I’ll say more later about him. But “unfairness” is not an answer to the underlying point.

Think of that industrial machine. Without proper maintenance, it either degrades over time or seizes up. In the end, it doesn’t matter which. The enterprise can no longer produce what it did. I have a hard time blaming the person who built an enterprise over thirty-five years for hastening the discussion about whether his machine will run better in the next thirty-five years, or whether it will cough and sputter, potentially to grind to a halt.

I’ve focused on miscalculation on the Koch side rather than the Cato side. The cause of this is not simply Cato partisanship (which I fully admit to). I will explain the reason for focus on the Kochs in a future post—and why I think it is a product of more Koch-side miscalculation.

I like this new document about guarding your online reputation that has just been jointly published by Reputation Defender and the Internet Keep Safe Coalition (iKeepSafe). They list these “3 Key Tips for Parents” for how to deal with concerns about their children’s online safety, privacy, and reputation:

1. Keep Current with Technology: Talk to teachers about what forms of Internet safety tools they implement in computer labs and technology classes, consider these safety tools for home use, and stay up-to-date on the capabilities of any mobile devices your child may have. 2. Keep Communicating with Your Kids: Find out who your child talks to online, educate your kids about the permanence of any “digital footprints” they leave behind, limit the use of social networks, and make it a habit to engage your kids in critical conversation—the more you talk to your kids about their online usage, the more they will learn to use digital products in a safe and healthy manner. 3. Keep Checking Your Kid’s Internet Activity: Keep computers in a central public location, check your child’s browsing histories, and limit your child’s computer time—there’s a whole world of outdoor and offline activities where they should be involved!

All good advice. I especially like their focus on getting parents to communicate early and often with their kids. It’s something I have beat the drum about quite a bit in my own work on the subject. Specifically, they rightly stress the importance of “encourag[ing] your child to think critically and evaluate sources of online information, and about promises made by other people online.” “[M]ake it a habit to engage your kids in critical conversation,” they stress. “The more you talk to your kids about their online usage, the more they will learn to use digital products in a safe and healthy manner.”

Here are some of the questions they suggest to parents that will help them get these conversations rolling with their kids:

• “How much time do you spend online when you’re not at home?”
• “What kinds of things do you or your friends usually do when you’re online?”
• “Show me your favorite sites.”
• “Why are they your favorites?”
• “Are there any websites you don’t like? Why don’t you like them?”
• “Do you talk to other people online?”
• “Who are they?”
• “What do you talk about?”
• “Are you the same person online as you are offline?”

All good stuff.  This how responsible parenting in the Information Age gets started. It’s never easy to have such conversations, but they are essential.  Especially if we don’t want lawmakers proposing that Uncle Sam become our national nanny.

I’m reading a couple of interesting books right now [see my Shelfari list here] including Guarding Life’s Dark Secrets: Legal and Social Controls over Reputation, Propriety, and Privacy by Lawrence Friedman of the Stanford School of Law.  The book examines the legal and social norms governing privacy, reputation, sex, and morals over the past two centuries.  It’s worth putting on your reading list. [Here’s a detailed review by Neil Richards.]  I might pen a full review later but for now I thought I would just snip this passage from the concluding chapter:

In an important sense, privacy is a modern invention. Medieval people had no concept of privacy.  They also had no actual privacy. Nobody was ever alone. No ordinary person had private space.  Houses were tiny and crowded.  Everyone was embedded in a face-to-face community. Privacy, as idea and reality, is the creation of a modern bourgeois society.  Above all, it is a creation of the nineteenth century.  In the twentieth century it became even more of a reality. [p. 258]

In a time when amorphous “rights” to privacy seem to be multiplying like wildflowers, this is an important insight from Friedman.  In my opinion, many of the creative privacy theories being concocted today are often based on false nostalgia about some forgotten time in the past when we supposedly all had our own little quiet spaces that were completely free from privacy intrusions.  But as Friedman makes clear, this is largely a myth.  It’s not to say that there aren’t legitimate issues out there today.  But it’s important that we place modern privacy issues in a larger historical context and understand how many of today’s concerns pale in comparison to the problems of the past.

[Note: If you’re interested in this topic, you’ll also want to read Daniel Solove’s The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.  Also, here’s Jim Harper’s review of it.]

With the publication of Understanding Privacy (Harvard University Press 2008), George Washington University Law School professor Daniel J. Solove has firmly established himself as one of America’s leading intellectuals in the field of information policy and cyberlaw.  Solove had already made himself a force to be reckoned with in this field with the publication of important books like The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004) and his treatise on Information Privacy Law with Paul M. Schwartz of the Berkeley School of Law (Aspen Publishing, 2d ed. 2006).  But with Understanding Privacy, Solove has now elevated himself to that rarefied air of “people worth watching” in the cyberlaw field; an intellectual — like Lawrence Lessig or Jonathan Zittrain — whose every publication becomes something of an event in the field to which all eyes turn upon release.

Like those other intellectuals, however, my respect for their stature should not be confused with agreement with their positions.  In fact, my disagreements with Lessig and Zittrain are frequently on display here and, we have been critical of Solove here in the past as well. [Here’s Jim Harper’s review of Solove’s last book, with which I am in wholehearted agreement.]  In a similar vein, although I greatly appreciate what Prof. Solove attempts to accomplish in Understanding Privacy — and I am sure it will change the way we conceptualize and debate privacy policy in the future — I found his approach and conclusions highly problematic.

Let me begin by summarizing Solove’s bold objective in Understanding Privacy. In the book, he attempts “to set forth a theory of privacy that will guide our understanding of privacy issues and the crafting of effective laws and policies to address them.” (p. 2) Solove’s “pragmatic” proposal to rethink privacy requires us to abandon the ways we have traditional thought about it. He begins by rightly noting that privacy has long been a “conceptual jungle” (p. 196) and a “concept in disarray.” (p. 1) “[T]he attempt to locate the ‘essential’ or ‘core’ characteristics of privacy has led to failure,” he says. (pg. 8 )

Consequently — and this is what make’s his approach so unique and important — Solove’s proposal to rethink privacy begins with a call to abandon the entire philosophical exercise of trying to tie privacy rights to some “common denominator” (pg. 8 ) since “Nobody can articulate what it means.” (p. 1) Actually, what he really means to say is that plenty of theorists can articulate what it means, it’s just that there is rarely any strong consensus about what justifies a particular theory of privacy. Indeed, in Chapter 2, he walks the reader through a half-dozen “conceptions of privacy” and illustrates how each has intellectual weaknesses and suffers from over- and under-breadth problems in terms of what it types of privacy it protects.

More importantly, according to Solove, not only has the effort “to locate the ‘essence’ of privacy” failed, but there is never any hope of it succeeding. Instead of continuing the futile search for such a grand, unified theory of privacy, Solove says we should tackle privacy issues from the “bottom up” by looking to “solve certain problems” (p. 75) The key to making it all work, he says, is “balancing”:

Because privacy conflicts with other fundamental values, such as free speech, security, curiosity, and transparency, we should engage in a candid and direct analysis of why privacy interests are important and how they ought to be reconciled with other interests. We cannot ascribe a value to privacy in the abstract. The value of privacy is not uniform across all contexts. We determine the value of privacy when we seek to reconcile privacy with opposing interests in the particular situations. (p. 87)

It is tempting to applaud Solove’s attempt to unhinge privacy from any “common denominator” and instead get more concrete about how to work through the details of practical privacy problems. After all, it is easy to get frustrated with some modern theories of privacy that have been tied up with amorphous, warm-and-fuzzy terms like “personhood” and “intimacy.” The inherent subjectivity of some of those terms makes it challenging to derive bright-line principles and tests to help craft law or resolve privacy disputes when they come before the courts.

But I believe there are serious problems with any attempt to completely divorce privacy policy from a theory of rights or justice. In my opinion, you can’t just dynamite all conceptual frameworks to the ground; value judgments will persist and references to rights theory will always be required. Even Solove’s pragmatic, bottom-up approach is value-laden; he just doesn’t acknowledge it. The majority of privacy controversies he attempts to work through in Chapter 5’s ambitious 16-part “Taxonomy of Privacy” mostly end up coming down in favor of taking stronger steps (i.e., rules, regulations, lawsuits, etc) to enhance privacy rights. He clearly has a bias in favor of enhancing and extending privacy rights relative to many other rights, but he doesn’t bother grounding it in any substantive theory of rights or justice.

Simply stated, even though Solove claims he can construct a new paradigm based strictly on a “pragmatic,” utilitarian, “problem-solving” approach, there is just no getting around the fact that, at some point, you are going to have to provide a more robust theory of rights or justice to explain why one right trumps another.

For example, let’s consider the frequent clash between privacy and free speech rights. As any casual reader of this blog knows, I feel quite passionately about the First Amendment and free speech rights. And, in all but the most extreme cases or circumstances, I will argue that speech rights should trump privacy rights. When would speech rights not trump privacy rights? For me, that would only occur when a clear, quantifiable harm resulted from the speech. But what is “clear, quantifiable harm”?  Reputation, for example, is not something one can easily quantify the loss of. When a company or a government agency loses or sells your personal health records without permission, however, that privacy violation gets a little more quantifiable. And in the case of someone stealing your personal information to engage in identity theft, the harm becomes still more quantifiable. But those cases often involve monetary damages, whereas something like defamation is much more difficult to quantify. However, when considering privacy-vs.-free speech trade-offs, I would first look to identify and quantify to concrete harm to an individual before allowing the state to curtain freedom of speech.

Solove acknowledges these privacy-speech trade-offs and cites the work of scholars like Eugene Volokh, Fred Cate, Virginia Postrel, and Solveig Singleton, who have all discussed these problems in their work. Volokh, for example, wrote an incredibly important 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You.” As he pointed out in that piece:

The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.

Without reference to some higher set of first principles or theory of rights / justice, I believe it is very difficult to sort through thorny problems like these. We need to know how and when one right trumps another. A theory of rights that focuses on avoiding direct, tangible harm to others — but largely leaves individuals otherwise free to do what they wish — would generally place speech rights above many privacy “rights” (some of which perhaps should not quality be rights at all). Of course, this more libertarian construction of rights remains quite controversial in our modern society, and there are other theories of rights and justice that would minimize the importance of speech rights relative to privacy.

Importantly, there also needs to be some recognition of the qualitative difference between government threats to privacy versus private threats. The harm that can come from government violations of privacy are generally far more troubling (surveillance, taxation, fines, imprisonment, etc) than potential private harms. I don’t think Solove’s framework appreciates that distinction.

Regardless of which approach one adopts — reasoning from first principles, or working from the “bottom up” (a la Solove) — there will always be fair degree of “balancing” undertaken by legislatures and the courts when crafting privacy policies. Indeed, in many ways, I see Solove’s more “pragmatic” approach often getting us to the same point we would find ourselves in if we took a more philosophical, first principles-based approach. It’s just that under his approach, he would often give the nod to privacy concerns over other rights whereas others (like me) would first look to enhance other values, especially free speech.

In sum, I believe that if one attempts to divorce the exercise of “understanding privacy” from any theory of rights, inevitably, you end right back in the same “conceptual jungle” you were in before. In that sense, I regret to say that Solove’s approach in Understanding Privacy ultimately fails. There’s just no escaping a fight over first principles.

But make no doubt about it, Daniel Solove’s book — and his approach to classifying and dealing with privacy problems — will have a profound impact on all future privacy debates. In that sense, it is a vital text; a must read for all who follow, or engage in, privacy debates.

P.S. Prof. Solove contributed an article to this month’s big Scientific American special issue on “The Future of Privacy.” Many articles in that issue worth reading.